package io.confluent.kafka.clients.plugins.auth.http.resources;

import io.confluent.kafka.clients.plugins.auth.http.entities.ProviderMetadataResponse;
import io.confluent.kafka.clients.plugins.auth.http.entities.TokenResponse;
import io.confluent.kafka.clients.plugins.auth.jwt.TestJwkProvider;
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import javax.inject.Inject;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;

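/**
 * Minimal OpenID Connect provider stub used by tests: serves a discovery document, the JWK set,
 * and an {@code authorize} endpoint that mints ID tokens on demand.
 *
 * <p>Security posture (intentional for a test fixture): {@code authorize} is an unauthenticated
 * GET that issues tokens for caller-chosen {@code sub}, {@code aud}, {@code kid} and
 * {@code sigAlg}, including unsecured {@code alg=none} tokens, and every token carries a
 * {@code jku} header pointing back at this server. This lets a test harness exercise how a
 * verifier handles such tokens. The resource should only ever be bound inside a test harness.
 * A verifier under test is expected to pin its accepted algorithms and its trusted key
 * location rather than take either from the token header.
 */
@Path("/")
/* loaded from: input_file:io/confluent/kafka/clients/plugins/auth/http/resources/TestJwtProvider.class */
public class TestJwtProvider {

    /** Source of the RSA test keys that are published as JWKs and used for signing. */
    @Inject
    TestJwkProvider jwks;

    /**
     * Returns the provider metadata (discovery) document, with all endpoints derived from the
     * request's base URI.
     *
     * <p>NOTE(review): the issuer advertised here is the base URI as-is, while
     * {@link #getToken} strips trailing slashes from the {@code iss} claim. Confirm that
     * verifiers comparing the two see the same value.
     *
     * @param uriInfo request context supplying the base URI
     * @return metadata pointing at {@code jwks.json} and {@code authorize} under the base URI
     */
    @GET
    @Produces({"application/json"})
    @Path(".well-known/openid-configuration")
    public ProviderMetadataResponse getMessage(@Context UriInfo uriInfo) {
        URI baseUri = uriInfo.getBaseUri();
        return ProviderMetadataResponse.builder()
                .issuer(baseUri)
                .jwksURI(baseUri.resolve("jwks.json"))
                .tokenURI(baseUri.resolve("authorize"))
                .build();
    }

    /**
     * Returns the full JSON Web Key Set held by the injected key provider.
     *
     * @return the key set serialized as JSON
     */
    @GET
    @Produces({"application/json"})
    @Path("jwks.json")
    public String getJwks() {
        return this.jwks.getJsonWebKeySet().toJson();
    }

    /**
     * Returns a key set containing only the key with the given id.
     *
     * @param str the key id ({@code kid}) taken from the request path
     * @return a single-key JWK set serialized as JSON
     * @throws NotFoundException if the key provider has no key for that id
     */
    @GET
    @Produces({"application/json"})
    @Path("jwks/{kid}.json")
    public String getJwk(@PathParam("kid") String str) {
        JsonWebKey key = this.jwks.getJwk(str).orElseThrow(NotFoundException::new);
        return new JsonWebKeySet(new JsonWebKey[]{key}).toJson();
    }

    /**
     * Mints a test ID token with a 10-minute lifetime and returns it with its expiration.
     *
     * @param uriInfo request context; the base URI becomes the {@code iss} claim (trailing
     *     slashes removed) and the target of the {@code jku} header
     * @param str key id ({@code kid}) to sign with; when empty, no {@code kid} header is written
     * @param str2 value for the {@code sub} claim
     * @param str3 optional comma-separated audience list; when {@code null} no {@code aud} claim
     *     is set
     * @param str4 JWS algorithm header value; {@code "none"} produces an unsecured token with no
     *     signing key attached
     * @return the serialized token and its expiration time
     * @throws NotFoundException if the key provider has no key for {@code str}
     * @throws RuntimeException if the token cannot be serialized; the underlying failure is
     *     attached as the cause
     * @throws Exception declared because decoding the audience can raise a checked exception
     */
    @GET
    @Produces({"application/json"})
    @Path("authorize")
    public TokenResponse getToken(@Context UriInfo uriInfo, @QueryParam("kid") @DefaultValue("") String str, @QueryParam("sub") @DefaultValue("") String str2, @QueryParam("aud") String str3, @QueryParam("sigAlg") @DefaultValue("RS256") String str4) throws Exception {
        URI baseUri = uriInfo.getBaseUri();

        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(baseUri.toString().replaceFirst("/*$", ""));
        // NOTE(review): @DefaultValue("") means a request without "sub" arrives as "", not null,
        // so the "test" fallback is only reachable when this method is called directly.
        jwtClaims.setSubject(str2 == null ? "test" : str2);
        if (str3 != null) {
            // NOTE(review): @QueryParam values are normally already percent-decoded by the
            // JAX-RS runtime, so this looks like a second decoding pass ('+' becomes a space,
            // a stray '%' makes URLDecoder throw) -- confirm it is intended.
            jwtClaims.setAudience(URLDecoder.decode(str3, StandardCharsets.UTF_8.toString()).split(","));
        }
        jwtClaims.setIssuedAt(NumericDate.now());
        jwtClaims.setExpirationTimeMinutesInTheFuture(10.0f);
        jwtClaims.setGeneratedJwtId();

        // An unknown kid is answered with 404, matching getJwk(), instead of surfacing a
        // NoSuchElementException from an unchecked Optional.get().
        RsaJsonWebKey rsaJsonWebKey = this.jwks.getJwk(str).orElseThrow(NotFoundException::new);

        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        if (!str.isEmpty()) {
            jsonWebSignature.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
        }
        jsonWebSignature.setAlgorithmHeaderValue(str4);
        if (!str4.equals("none")) {
            jsonWebSignature.setKey(rsaJsonWebKey.getPrivateKey());
        }
        jsonWebSignature.setHeader("jku", baseUri.resolve("jwks.json"));
        // Deliberately permissive: constraints are lifted so the caller-selected algorithm,
        // including the unsecured "none" form, can be emitted for verifier tests.
        jsonWebSignature.setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS);
        jsonWebSignature.setPayload(jwtClaims.toJson());
        try {
            // NOTE(review): expiresIn receives the absolute expiration instant in milliseconds,
            // not a relative lifetime -- confirm that is what TokenResponse consumers expect.
            return TokenResponse.builder()
                    .idToken(jsonWebSignature.getCompactSerialization())
                    .expiresIn(jwtClaims.getExpirationTime().getValueInMillis())
                    .build();
        } catch (Exception e) {
            // Keep the original failure as the cause rather than printing it and throwing an
            // exception with an empty message.
            throw new RuntimeException("Failed to build test token", e);
        }
    }
}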
